> From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
> Sent: Friday, 05 August, 2011 08:09
> I have to write back rsa public/private key to calling function,
> i have tried below program using i2d_RSAPrivatekey().
> My application will not accept RSA * structure, it will accept only
char
> or strings to be return as s key.
It's not clear what you're trying to do. Your code is actually operating
on a private key but your label says pubkey. You talk about 'encrypting
the message' but RSA_private_encrypt is a misnomer, it actually provides
integrity protection (signing) NOT confidentiality (encryption).
> #include <stdio.h>
> #include <string.h>
> #include <openssl/rsa.h>
> typedef struct {
> unsigned char cl_priv[1000];
> } DER_RSA;
If you change to a keysize that is actually secure, this will be
too small for a private key (at least an OpenSSL private key,
which has all the CRT components). It will be big enough for
a public key if that's what you actually want and do.
Although DER is self-delimiting, the length computation is
nontrivial. I would keep the length explicitly in the struct.
> generate(DER_RSA *ctr)
Since 1999 'implicit int' is gone from C. You must declare
the return type of a function (and the type of a variable etc.).
If you don't want to return a value, declare it 'void'.
> {
> RSA *rsa, *pub_rsa, *priv_rsa;
> unsigned char keybuf[512], *p;
If this 512 is intended to be related to the size of the key,
or related cryptogram(s), remember that keys (and ciphers and
hashes etc) are in bits, while C char is a byte.
> int len;
> // DER_RSA *ctr;
> printf("hello");
>
> rsa = RSA_generate_key(512, RSA_F4,NULL,NULL);
512-bit RSA has been in range for factoring,
and thus insecure, for about a decade now.
In general you should always check for errors, here
a returned null pointer, before using the result.
In particular I think RSA_generate_key could fail
for lack of entropy, though yours apparently didn't.
> /* get separated der key pair */
> p=ctr->cl_priv;
> len=i2d_RSAPrivateKey(rsa,&p);
> printf("\nlen=%d\n",len);
> return ;
> RSA_free(rsa);
This is never executed, so you have a (small) memory leak.
> }
> int main()
> {
> int i;
> DER_RSA *ctr;
This is an uninitialized pointer, and
> generate(ctr);
this uses that pointer to try to access memory.
That can cause many different problems.
> printf("pubkey=%s",ctr->cl_priv);
> }
> pubkey=(null)
It looks like 'ctr' happened to be 0, which in C is the
null pointer (except very weird systems you can ignore).
*Many* C platforms nowadays fault for access to 0, because
it's such a common bug; what are you running on?
If you want to use a DER_RSA object (containing a buffer),
create one and then use it.
Even if this encoded to proper memory, DER (the result
of i2d_anything) is not a C string and can't validly be
printed with %s, or strcpy'ed, or strcmp'ed, etc.
You need to treat it as binary data, and that's why
you want to keep track explicitly of its length.
Alternatively you can further encode it into a form that
IS a valid string; base64 and hex are two popular ones.
PEM is a variant of base64 builtin to OpenSSL.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
